<?php
session_start();
include("load-settings.php");

if(!isset($_SESSION['user']))
	header("Location: login.php");

$user = $_SESSION['user'];

$result = mysql_query("SELECT * FROM user WHERE id = $user");
$row = mysql_fetch_array($result);

if($row['type'] != 2 && $row['type'] != 3)
	header("Location: home.php");

if(!isset($_GET['id']))
	die("Direct script access not allowed");

$id = mysql_real_escape_string($_GET['id']);

mysql_query("DELETE FROM order_record WHERE id = $id");

header("Location: ".$_SERVER['HTTP_REFERER']);
?>